Through this SBIR, a system will be developed to enable authorized users to access video and audio from existing surveillance systems, and rebroadcast the video/audio signals for use by authorized users such as first responders. McQ will leverage its extensive camera interface, video compression, cryptography, and product development experience to both perform the appropriate tradeoffs in designing the system and to successfully build and test a prototype system. Interoperability is a critical feature of the system to allow the system to operate on a variety of closed circuit and networked camera systems, each with different physical interfaces, communication standards, and architectures. McQ's plug-and-play camera interface experience developed through developing its vWatch product, and its extensive networking and communications experience based on over a decade of developing video streaming products, will be efficiently utilized. During Phase I, a detailed analysis was performed to identify the dominant camera interface standards which encompass the largest variety of existing surveillance camera products, and a complete system design was developed to discover, interface with, and stream video from these devices. During Phase II, a prototype multi-interface secure AV rebroadcasting system will be built and tested. The necessary hardware and software will be implemented to achieve the goals of the program. The technologies derived from Phase II development can be used to improve the ease of use of remote camera systems and allow operators to dynamically manage their video consumption, resulting in reduced costs of streaming video.

Blockchain technology shows promise when applied to identity management ecosystems. However, current blockchain technology stacks have been designed and optimized such that they are tightly coupled to a specific application area. More often than not, they focus on the transfer of financial value, not identity management. If ledger technology is going to be used to solve a wide variety of problems, a more generalized, modular design for producing many different ledgers may be a better alternative to trying to solve many problems using the same ledger instance, such as Bitcoin. Digital Bazaar therefore proposes to build a blockchain technology stack that is capable of producing many instances of "fit for purpose" decentralized ledgers. During Phase I, Digital Bazaar created a proof-of-concept for a generalized, configurable ledger technology stack from which many different ledgers can be instantiated, each narrowly-tailored for their own use case, while using a common, extensible core data model.
In Phase II, Digital Bazaar intends to build upon the results of Phase I by creating a core commercial ledger product and additional technology to support three identity management use cases: Privacy-enhanced Credential Revocation, Privacy-aware Checkpoint Tracking, and Publishing Public Credentials for Status Checking. Digital Bazaar has successfully acquired and included letters of interest from multiple organizations that have demonstrated their commitment to running pilot programs in these areas for Phase II. The result of these pilot programs should be a commercial product with an initial set of customers.

The purpose of this SBIR Proposal is to conduct the research needed to enable blockchain technology to serve as a decentralized foundation for privacy-respecting identity management. In this phase, Evernym will research and develop a decentralized key management system (DKMS) based on the DID (Decentralized Identifier) specification developed in Phase I. The DID specification has already been embraced by the leading developers of blockchain identity solutions and is currently being implemented for Bitcoin, Ethereum, and Sovrin.
The combination of DIDs for identity and DKMS for public key discovery and verification will enable a decentralized identity management (DIDM) infrastructure that will empower people and organizations to securely and confidentially manage and assert their identities. Open standards and established industry protocols will permit identity owners to selectively disclose identity claims and manage their privacy and digital relationships.
Evernym's thesis is that the combination of DIDs, DKMS, and DIDM architecture, using public and/or private blockchains as "trust anchors", can meet traditional information security principles of confidentiality, integrity, availability, non-repudiation and provenance as well as privacy-by-design principles of user control, selective disclosure of information, and pseudonymity.
This proposal presents the basic research challenges that need to be accomplished to adapt traditional PKI technologies to blockchains, simplifying both identity management and key management for individuals and institutions while at the same time enhancing both security and privacy. Our proposed effort and deliverables will enable the development and release of commercial products in Phase III for Homeland Security Enterprise applications and enterprise customers.

BlueRISC's proposed solution provides a fundamentally new approach to predicting the presence of malware in a network based on a novel graph-theoretical framework. Unlike traditional approaches that are reactive, it builds on a predictive capability that is flexible, adaptive, and does not rely on signatures or strict rule-based malware definitions. The approach captures system motion as a predictive surrogate for malicious activity. This occurs based on a concise graph-based forensics representation of a system's state and associated space-time correlation algorithms which use graph theory.

Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such malware trend predictions, we will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure.
We will create a hybrid approach toward embedded device malware trend prediction. Our approach targets both long-term malware trend prediction utilizing attack graphs and short-term approaches monitoring malware and capturing forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers many benefits. Captured samples would confirm or better inform the long-term predictions of what evasions and attack paths malware uses. Long-term predictions would enable advanced defenses to be prepared to capture malware samples.
Our hybridized predictive malware trending scheme will significantly increase situational awareness into both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incidence response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.

Motivated by a real operational need to tackle threats posed by the onslaught of constantly evolving exploits and malware, this proposal describes techniques for dynamically analyzing malware that address weaknesses in the status quo by (i) focusing on memory-oriented artifacts without the use of traditional sandbox hooks, while at the same time (ii) providing operators with enhanced situational understanding and preemptive malware and exploit defenses. Specifically, we will explore the design and implementation of novel memory-oriented techniques for conducting automated analysis of malware binaries (i.e. so-called cyber-physiology techniques) to not only assist analysts in understanding their function and intent, but also produce a novel set of outputs (i.e. artifacts, behaviors, code constructs) that, combined, concisely represent human-understandable malware and exploit fingerprints. Second, we will design and implement so-called cyber-genomics techniques for both individually using and collating a multitude of these malware fingerprints over time to not only aid in determining their identity, lineage, and provenance, but also identify trends in fingerprint components to pinpoint key distinguishing characteristics of malware that are likely to be utilized in future waves of attack.

To address the DHS need to rapidly predict, detect, and react to ever-changing flood conditions, Physical Optics Corporation (POC) proposes to develop a new Real-time Flood Forecasting and Reporting (RAFFAR) system based on a combination of commercial off-the-shelf (COTS) wireless networking technologies and existing proprietary POC sensors. The system will offer a means to deploy a scalable mesh network across a broad area that allows sensors to relay information through open data exchange standards to an operation center for monitoring of both flood conditions and heavy rain conditions that serve as predictors of floods. After collection, the information will be relayed to handheld devices through wireless emergency alerting. In Phase I, POC demonstrated the feasibility of RAFFAR by building and testing a preliminary prototype network and performing an analysis of a full-size network roll-out. At the end of the Phase I effort, the RAFFAR system reached TRL-6. In Phase II, POC plans to manufacture sufficient sensors to deploy a 100+ unit network for extensive outdoor testing. The successful completion of this project at the end of Phase III will benefit the nation in both government and commercial sectors by providing real-time disaster data so that first responders can react appropriately based on the best possible information. Commercial applications for this technology include applications in disaster prevention and recovery, manufacturing and equipment monitoring, and irrigation management.

Progeny Systems proposes to design and build 100 units of a deployable, low-cost flood inundation sensor for alerts, warnings and notifications to responders and citizens using Internet of Things (IoT) Wireless Emergency Alerts. The sensor will be ruggedized, modular, deployable, GPS-enabled, and submersible. The sensor will be part of a scalable wireless mesh sensor network. The sensor network will consist of an array of wireless sensor nodes that can measure ever-changing flood conditions and report them back to an operations center through a gateway node. The data from all the nodes in the network will be collected and analyzed at the operations center so as to rapidly predict, detect and react to inundation of low-lying areas, underpasses, and critical transportation corridors. This critical data will allow for federal, state and local governments to make real-time decisions pertaining to flood response.

The proposed SBIR Phase II project continues the development of a highly-reliable, modular, and cost-effective wide-area flood sensor network system. The sensor nodes operate on the IEEE 802.15.4 wireless physical layer, and an enhanced energy-efficient 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks) open-standard mesh protocol. The sensor network operates for over 10 years in the field monitoring water-levels without requiring battery replacement. The proposed system addresses the present gap in cost-effectively monitoring and projecting water-levels and flooding, and generating early warnings in all terrains including urban and remote rugged areas.

In this project, we propose to develop software that employs open source information to assess factors related to resilience. The goal is challenging because current technology does not scale well due to the heterogeneity of the problem. Specifically, the heterogeneity of the data, as well as the heterogeneity of the assessment process makes it time-consuming to develop extractors for harvesting relevant data, as well as to develop decision methods for performing resiliency/preparedness assessments.
Our work in phase II will produce an end-to-end working system, called OpenWatch, that can use real-time, open-source data to assess resilience, and provide the results to end users. The system will make it simple and fast to aggregate data from multiple Web sources, and also assist in the development of sophisticated risk assessment models.
The results of the project will include an open-source software system for risk assessment. In addition, we will use the system to develop applications that address important resiliency issues. This will include an application to produce a neighborhood-level heat vulnerability index for cities throughout the United States, and an application for predicting CVSS scores based on cyber vulnerability announcements, which can be employed commercially.

H-SB016.1-008 - Using Social Media to Support Timely and Targeted Emergency Response Actions

Award/Contract Number

HSHQDC17C00016

Abstract

To address the DHS need for a new data analytics engine to correlate social media comments and activity with incident command data, Physical Optics Corporation (POC) proposes, in Phase II, to advance a new Real-time Information Contextual Correlation and Analysis (RICCA) software system proven feasible in Phase I. RICCA is based on unstructured data analysis and integration and event context modeling. Its advanced contextual analytics engine enables automated processing flow to retrieve social media data from multiple outlets (Facebook, Twitter, YouTube), extract environmental, social, meteorological, political, economic, and other factors relevant to an event of interest, correlate them in geo-space and time with data stored in a computer-aided-dispatch (CAD) system, and generate alerts for first responders and emergency/incident/crisis management. The innovation in unstructured data processing and integration and multi-resolution event context modeling can improve incident command's situational awareness and understanding. In Phase I, POC demonstrated the feasibility of RICCA by developing a set of operational scenarios, identifying the external factors in social media and operational incident data, developing core analytics modules, and implementing algorithms to measure performance and improvements. In Phase II, POC plans to mature the RICCA prototype and its correlation and analysis algorithms for the target scenario established in Phase I and support a pilot protocol by which a social media feed is correlated with operational incident data. Validation and trust algorithms will also be developed to support more timely and targeted response actions and allow for escalation preparedness.

The purpose of this proposal is to continue work done in Phase I on a platform for multiple blockchains, applications, and the analysis of blockchain transactional data. BlockCypher has built a blockchain infrastructure that supports a multitude of applications, e.g., identity management, internet-of-things (IoT), notary, embeddable assets, predictive analytics, etc. - and runs both closed and open blockchains on the same infrastructure. BlockCypher's platform currently supports the ability to embed encrypted data on any blockchain, predict which transactions will be accepted, and hosts a multitude of security measures that can provide a significant value proposition for homeland security applications. BlockCypher also stores and handles large amounts of public blockchain transaction data (multiple terabytes) in distributed and redundant data stores.
In Phase I, we built a blockchain analytical framework and an Analytics API on top of our data store so we would see if any useful information and patterns could be extracted. Phase II will build upon the framework of Phase I and will dive deeper into broader-scale use cases for analytics (e.g. identity, law enforcement, compliance).

Remote identity proofing is the process of uniquely verifying an individual that is a party to an online transaction. The degree of difficulty is compounded when attempting to authenticate for the first time a previously unknown individual. This presents an enormous challenge to the secure delivery of online commerce and Government services.
In Phase I CardSmart Technologies introduced the novel concept of a "Composite Identity Model" which is an identity enrichment process through which multiple identity verification methods are aggregated to exponentially strengthen the confidence and assurance level of the identity.
Phase II will build on the momentum and enthusiasm generated by the functional prototype which demonstrated that the strategic combination of multiple non-KBV verification technologies will outperform any single technology. Additionally, the architecture embraces a flexible and decidedly vendor-agnostic approach that encourages state-of-the-art implementations, highly customizable to a specific client or industry, with a competitive pricing structure that greatly increases its commercial appeal. Targeted use cases include: compliance with KYC and AML mandates, C2C marketplaces, Government services and privileged identity management.
The Phase II project plan is to:
1. Integrate third party verification services; finalize scoring with enhanced rules engine
2. Complete design and development; test and deliver production-ready version
3. Expand appeal with supporting Web services and APIs for easy integration with other systems; adapt commercial solution to meet DHS or other Government customer requirements
4. Package the solution and launch as a subscription service (includes flexible pricing, building brand awareness, promotion in trade channels)